CN104704493A - Searchable encrypted data - Google Patents

Searchable encrypted data

Info

Publication number
CN104704493A
Authority
CN
Grant status
Application
Prior art keywords
computer
searchable
field
index
data
Application number
CN 201380053158
Other languages
Chinese (zh)
Inventor
S·艾斯
S·纳加桑达拉姆
Original Assignee
维萨国际服务协会 (Visa International Service Association)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00: Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/30: Information retrieval; Database structures therefor; File system structures therefor
    • G06F17/30286: Information retrieval; Database structures therefor; File system structures therefor in structured data stores
    • G06F17/30312: Storage and indexing structures; Management thereof
    • G06F17/30321: Indexing structures
    • G06F17/30861: Retrieval from the Internet, e.g. browsers
    • G06F17/30864: Retrieval from the Internet, e.g. browsers by querying, e.g. search engines or meta-search engines, crawling techniques, push systems
    • G06F17/30867: Retrieval from the Internet, e.g. browsers by querying, e.g. search engines or meta-search engines, crawling techniques, push systems with filtering and personalisation
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F17/30067: File systems; File servers
    • G06F17/30091: File storage and access structures
    • G06F17/30097: Hash-based
    • G06F17/301: Details of searching files based on file metadata
    • G06F17/30106: File search processing
    • G06F17/30109: File search processing using file content signatures, e.g. hash values
    • G06F2207/00: Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/02: Indexing scheme relating to groups G06F7/02 - G06F7/026
    • G06F2207/025: String search, i.e. pattern matching, e.g. find identical word or best match in a string

Abstract

Embodiments of the invention, broadly described, introduce systems and methods for enabling the searching of encrypted data. One embodiment of the invention discloses a method for generating a searchable encrypted database. The method comprises receiving a plurality of sensitive data records comprising personal information of different users, identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user, generating a searchable field index for each of the one or more searchable fields, and encrypting the sensitive data records using a database encryption key.

Description

Searchable encrypted data

CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application is a non-provisional application of, and claims priority to, U.S. Provisional Application No. 61/683,659, filed August 15, 2012 (Attorney Docket No. 79900-847131 (035100USP1)), the entire contents of which are incorporated herein by reference in their entirety for all purposes.

BACKGROUND

[0002] As the Internet becomes more widespread, the need to store sensitive personal information on untrusted server computers is growing. For example, in order to provide users with fast response times, many organizations are offloading data storage and processing to third-party data centers located geographically close to their users. In addition, for cost and scalability reasons, storage as a service and other "cloud" services are gaining popularity among organizations. Typically, these services are operated by third-party organizations with uncertain security standards. Therefore, ensuring the security of data at rest continues to be necessary.

[0003] To address this problem, some systems may upload encrypted data to an untrusted server computer. Although data encryption is a well-known technique for protecting sensitive personal information, encryption generally prevents searching. Thus, in order for a user to search an encrypted database for a desired row, the user must first download and decrypt the entire database. This requires excessive bandwidth and processing, especially for large databases.

[0004] Embodiments of the invention address these and other problems.

SUMMARY

[0005] Embodiments of the invention, broadly described, introduce systems and methods for enabling the searching of encrypted data.

[0006] One embodiment of the invention discloses a data encryption computer. The data encryption computer comprises a processor and a non-transitory computer-readable storage medium, the non-transitory computer-readable storage medium comprising code executable by the processor to implement a method comprising: receiving a plurality of sensitive data records comprising personal information of different users; identifying one or more searchable fields for the sensitive data records, wherein each searchable field is associated with a subset of the personal information for a user; generating a searchable field index for each of the one or more searchable fields; and encrypting the sensitive data records using a database encryption key.

[0007] One embodiment of the invention discloses a computer-implemented method for searching an encrypted database. The method comprises: receiving personal information of a user; generating one or more index values using the personal information, each index value being associated with a searchable field index; sending the one or more index values; receiving one or more encrypted data records matching the index values; and decrypting the encrypted data records using a database decryption key.

[0008] One embodiment of the invention discloses a computer-implemented method for searching an encrypted database. The method comprises: receiving one or more index values for a searchable field index, wherein the index values were generated using personal information of a user; retrieving one or more encrypted data records using the index values; and sending the one or more encrypted data records.

[0009] Further details regarding embodiments of the invention can be found in the detailed description and the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] FIG. 1 shows a system using a searchable encrypted database.

[0011] FIG. 2 shows one potential embodiment of a data encryption computer.

[0012] FIG. 3 shows a more detailed illustration of an exemplary embodiment of a searchable encrypted database.

[0013] FIG. 4 shows a method by which a data encryption computer generates an encrypted searchable database comprising encrypted data records and searchable field indexes.

[0014] FIG. 5 shows a method of generating a searchable field index for a searchable field.

[0015] FIG. 6 shows a method for searching for and decrypting encrypted data records.

[0016] FIG. 7 shows an exemplary system using a searchable encrypted database according to an embodiment of the invention.

[0017] FIG. 8 describes a method by which a service center computer retrieves a user's account information from a searchable encrypted database.

[0018] FIG. 9 shows an example of a payment device in the form of a card.

[0019] FIG. 10 is a high-level block diagram of a computer system that may be used to implement any of the entities or components described for the embodiments of the invention.

DETAILED DESCRIPTION

[0020] Prior to discussing embodiments of the invention, descriptions of some terms may be helpful in understanding the embodiments of the invention.

[0021] The term "server computer" may include a powerful computer or cluster of computers. For example, the server computer can be a large mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers. The server computer may comprise one or more computing devices and may use any of a variety of computing structures, arrangements, and compilations for servicing the requests from one or more client computers.

[0022] The term "sensitive data record" may include any data record comprising one or more "sensitive data fields", such as personal information, financial information, protected information, or data that is private or sensitive for a plurality of users. For example, a sensitive data record may include a user's full name, credit card number, health records, driver's license number, and password.

[0023] The term "searchable field" may include any field that may be used to search for or retrieve a sensitive data record. In some cases, a searchable field may comprise a field in a sensitive data record, or a portion of a field in a sensitive data record, such as a subset of the personal information of a user. Examples of searchable fields may include a user's first initial and last name, the last four digits of a user's credit card number, or a user's postal code.

[0024] The term "searchable field value" may include the value of a searchable field for a sensitive data record. For example, for a sensitive data record comprising the user's name "John Smith" and the user's social security number "001-23-4567", a searchable field may be the last four digits of the user's social security number. Thus, the searchable field value for that user would be "4567".

[0025] "Searchable field sensitivity" may include an indication of the degree to which the searchable field values for a field should be protected. For example, a searchable field comprising the last four digits of a user's number may be considered "non-sensitive", because that information is typically considered publicly available and not personally identifiable. However, a searchable field comprising the user's first and last name may be considered "sensitive", because it may indicate the user's identity if known. Further, a searchable field comprising the user's full social security number may be considered "highly sensitive", because social security numbers are typically expected to be kept confidential.

[0026] The term "searchable field index" may include an index, database column, mapping, or other data structure used to associate searchable field values with data records. A searchable field index may comprise one or more "searchable field index values", which may include any transformed or untransformed searchable field value. For example, for a searchable field of the user's name, the searchable field value may be "John Smith", and the user's searchable field index value may be the hashed name in SHA-2 format (e.g., "5078093fdf75a673"). The searchable field index may map each searchable field index value to the associated data record. Thus, the hash of a user's name may subsequently be used to retrieve that user's data record.

[0027] In some embodiments of the invention, a plurality of searchable field indexes may be associated with a data record. For example, in some embodiments, the one or more searchable field indexes may be stored in the same row of a database table as the data record. In such embodiments, a SQL query or other search may be performed to retrieve rows having a specific searchable field index value for a searchable field index.

[0028] The term "searchable encrypted database" may include any database, table, or other collection of data comprising encrypted data records and one or more searchable field indexes. An "encrypted data record" may include a sensitive data record that has been encrypted. An encrypted data record may comprise one or more encrypted data fields. In some embodiments, all sensitive data records may be encrypted using a "database encryption key", which may include any encryption key or other secret data. In other embodiments, sensitive data records may be encrypted individually or in groups. The searchable encrypted database may be operable to retrieve one or more encrypted data records by matching searchable field index values associated with the data records.

[0029] The term "search parameters" may include a set of one or more searchable field index values or other parameters used to determine the encrypted data records to retrieve from the searchable encrypted database. For example, the record for user "John Smith" may be retrieved by providing a first searchable field index value "5078093fdf75a673" corresponding to his name and a second searchable field index value "4567" corresponding to the last 4 digits of his credit card number. The provided index values may be matched against the searchable field indexes for name and credit card number to determine the encrypted data record associated with the user.

[0030] Embodiments of the invention provide many technical advantages. For example, embodiments of the invention enable the searching of encrypted data stored by a server without requiring the server to decrypt the data. There is often a need to store sensitive data on untrusted servers. For example, organizations may upload data to third-party caching servers closer to their users, or may store data on cloud servers for backup or scalability reasons. In some cases, these servers may not be operated by the organization and may be vulnerable to security breaches. In some embodiments, these problems may be addressed by encrypting the sensitive data records with a database encryption key and generating the searchable field indexes at a data encryption computer, and then sending the encrypted data records and searchable field indexes to the third-party service. Because the database encryption key is not shared with the third-party service, the contents of the sensitive data are obscured. However, the data remains searchable using the searchable field indexes.

[0031] Embodiments of the invention provide the further technical advantage of enabling searchable access to encrypted data. In embodiments of the invention, multiple customers or clients may be given access to the searchable encrypted database by providing the customers with a database decryption key. The searchable encrypted database may then be searched by the customers in parallel, without additional customer authentication being performed. This provides the additional benefit of allowing commercial off-the-shelf (COTS) database software to be used to support the searching of encrypted data with little or no modification. Thus, embodiments of the invention reduce complexity and increase the efficiency of the searchable encrypted database.

[0032] Embodiments of the invention provide the further technical advantage of enabling different access control levels for various users of the database. For example, it may be desirable to restrict certain users of the database from retrieving records using certain searchable fields (e.g., by encrypting the index values using a searchable field key). In one case, lower-level employees at a call center may not be provided with the field key that would allow a consumer's personal information to be searched using only the consumer's name. This may prevent lower-level employees from stealing the consumer information of consumers with well-known or previously known names. Instead, the consumer's name must be provided together with some other information (e.g., the last 4 digits of the consumer's credit card number). Thus, potential fraud may be prevented. Later, once the employee has been vetted or proven trustworthy, the field key may be provided. Thus, by controlling access to certain searchable fields, embodiments of the invention may improve the security of sensitive data records.
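As an added illustration of the searchable field indexes, search parameters and field-key access control described in paragraphs [0026] to [0032] (example code written for this page, not the patent's own), the following builds a small searchable encrypted database from constructed records and searches it. Assumptions: HMAC-SHA256 in counter mode with an encrypt-then-MAC tag stands in for a real authenticated cipher such as AES-GCM, an HMAC keyed with the field key stands in for the patent's "encrypting index values using a searchable field key", and all record values and key names are made up.

```python
"""Toy searchable encrypted database in the shape the patent describes.

Constructed example; not the patent's own code. Stand-ins (assumptions):
HMAC-SHA256 counter mode + HMAC tag replaces an authenticated cipher such
as AES-GCM; an HMAC keyed with the field key replaces "encrypting index
values with a searchable field key". Sample records are made up.
"""
import hashlib
import hmac
import json
import os
from typing import Dict, List

# Keys held by the data encryption computer and handed to authorized clients;
# the database access server never receives either of them.
DB_KEY = os.urandom(32)           # database encryption/decryption key
NAME_FIELD_KEY = os.urandom(32)   # field key for the "sensitive" name index

# Constructed sensitive data records (made-up values).
RECORDS = [
    {"name": "John Smith", "ssn": "001-23-4567", "card": "4111111111111111", "dob": "1/2/1934"},
    {"name": "Jane Doe",   "ssn": "002-34-5678", "card": "5500000000004567", "dob": "12/3/45"},
    {"name": "John Smith", "ssn": "003-45-6789", "card": "4000000000006789", "dob": "7/4/1976"},
]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def encrypt_record(db_key: bytes, record: dict) -> bytes:
    """Encrypt one sensitive data record as nonce || ciphertext || tag."""
    enc_key = hashlib.sha256(b"enc" + db_key).digest()
    mac_key = hashlib.sha256(b"mac" + db_key).digest()
    nonce = os.urandom(16)
    ct = _keystream_xor(enc_key, nonce, json.dumps(record, sort_keys=True).encode())
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_record(db_key: bytes, blob: bytes) -> dict:
    """Verify the tag first, then decrypt; raises ValueError if the blob was altered."""
    enc_key = hashlib.sha256(b"enc" + db_key).digest()
    mac_key = hashlib.sha256(b"mac" + db_key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted data record failed integrity check")
    return json.loads(_keystream_xor(enc_key, nonce, ct))


def name_index_value(field_key: bytes, name: str) -> str:
    """Sensitive field: keyed transform, so only field-key holders can search by name."""
    return hmac.new(field_key, name.encode(), hashlib.sha256).hexdigest()[:16]


def card_last4_index_value(card: str) -> str:
    """Non-sensitive field: the untransformed searchable field value."""
    return card[-4:]


def build_searchable_encrypted_db(records, db_key, name_key) -> List[Dict]:
    """Data encryption computer: one row per record, index columns beside the ciphertext."""
    return [
        {
            "idx_name": name_index_value(name_key, r["name"]),
            "idx_card_last4": card_last4_index_value(r["card"]),
            "encrypted_record": encrypt_record(db_key, r),
        }
        for r in records
    ]


def search(db: List[Dict], params: Dict[str, str]) -> List[bytes]:
    """Database access server: match every supplied index value; sees no plaintext or keys."""
    return [row["encrypted_record"] for row in db
            if all(row[col] == val for col, val in params.items())]


def client_lookup(db, db_key, name_key, name, card_last4) -> List[dict]:
    """Client holding both keys: derive the index values, search, decrypt the matches."""
    params = {"idx_name": name_index_value(name_key, name), "idx_card_last4": card_last4}
    return [decrypt_record(db_key, blob) for blob in search(db, params)]


if __name__ == "__main__":
    db = build_searchable_encrypted_db(RECORDS, DB_KEY, NAME_FIELD_KEY)
    print(client_lookup(db, DB_KEY, NAME_FIELD_KEY, "John Smith", "6789"))
```

A client without NAME_FIELD_KEY cannot form a matching `idx_name` value, so it can only narrow results by the non-sensitive `idx_card_last4` column, which is the access-control effect paragraph [0032] describes.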

[0033] The above examples highlight only a few of the advantages of searchable encrypted databases according to embodiments of the invention.

I. EXEMPLARY SEARCHABLE ENCRYPTED DATABASE SYSTEM

[0034] A system 100 using a searchable encrypted database may be seen in FIG. 1. System 100 comprises client computer A 101, client computer B 102, client computer C 103, client computer D 104, communication network 105, data encryption computer 200, database access server 106, and searchable encrypted database 300. As shown, data encryption computer 200 may communicate with each of client computers 101, 102, 103, 104 and may distribute one or more encryption keys to client computers 101-104. Communication network 105 may facilitate data transmission between client computers 101-104 and database access server 106. Client computers 101-104 may run one or more applications that may connect to database access server 106 in order to search the encrypted data stored in searchable encrypted database 300.

[0035] A suitable communication network 105 may be any one and/or the combination of the following: a direct interconnection; the Internet; a Local Area Network (LAN); a Metropolitan Area Network (MAN); an Operating Missions as Nodes on the Internet (OMNI); a secured custom connection; a Wide Area Network (WAN); a wireless network (e.g., employing protocols such as, but not limited to, Wireless Application Protocol (WAP), I-mode, and/or the like); and/or the like.

[0036] FIG. 2 shows one potential embodiment of data encryption computer 200. As depicted in FIG. 2, data encryption computer 200 may comprise a server computer 210, which comprises a number of modules, such as a customer authentication module 211, a personal information analyzer module 212, a data encryption module 213, an encryption key transmission module 214, a data hashing module 215, and an index generation module 216. Data encryption computer 200 may also comprise a personal information database 220. The various modules may be embodied by computer code residing on a computer-readable medium.

[0037] Customer authentication module 211 may be configured to perform customer authentication and authorization determinations. For example, customer authentication module 211 may be used to determine the one or more customers or client computers that are authorized to receive a database decryption key associated with a searchable encrypted database, or to receive a field key associated with a searchable field index. Customer authentication module 211 may use any suitable technique for authorization, such as username and password login, two-factor authentication, or certificate-based authentication.

[0038] Personal information analyzer module 212 may be configured to analyze personal information (such as information stored in personal information database 220) to determine the sensitivity of searchable fields and the corresponding level of data protection required. For example, personal information analyzer module 212 may be used to determine the sensitivity of a searchable field comprising the last four digits of a customer's social security number, or the sensitivity of a full credit card number (e.g., a primary account number or PAN). In some embodiments, personal information analyzer module 212 may be programmed with rules, standards, or protocols for determining the sensitivity of searchable fields and the associated data protection requirements. For example, in an embodiment involving healthcare-related personal information, personal information analyzer module 212 may be programmed to comply with the Health Insurance Portability and Accountability Act (HIPAA) data protection standards. Thus, any searchable field generated from the sensitive data may be protected in accordance with HIPAA standards.

[0039] Data encryption module 213 may be configured to generate encryption keys and to encrypt data using the generated keys. Encryption may include any encoding of information such that unauthorized users cannot read it while authorized users can, or as otherwise known in the art. In embodiments of the invention, encryption may be performed using symmetric keys or public/private key pairs. For example, a user's date of birth (e.g., "1/2/1934") may be encrypted with an encryption key to produce encrypted data (e.g., 0x34A69F) such that the encrypted data may be unreadable. An authorized user may then decrypt the data so that the date of birth is readable.

[0040] In some embodiments, data encryption module 213 may generate a database encryption key, data encryption keys, searchable field keys, encryption keys for communicating with client computers 101-104, or any other suitable encryption keys. Data encryption module 213 may also encrypt sensitive data records to generate encrypted data records, and may encrypt searchable field values. In some embodiments, data encryption module 213 may use one or more hardware components, such as a cryptographic processor or a trusted platform module (TPM).

[0041] 加密密钥传输模块214可被配置成将一个或多个经加密的密钥传送至客户端计算机101-104。 [0041] The encryption key transfer module 214 may be configured to transmit one or more encrypted key to the client computers 101-104. 例如,加密密钥传输模块214可被用于发送数据库解密密钥或可搜索的字段密钥。 For example, an encryption key transmission module 214 may be a field for transmitting a key or a decryption key database searchable. 在某些实施例中,加密密钥传输模块214可与客户认证模块211通信以确定经授权以接收数据库解密密钥或可搜索的字段密钥的一个或多个客户或客户端计算机。 In certain embodiments, the encryption key transmission module 214 may communicate with the client authentication module 211 to determine is authorized to receive a decryption key database or key fields may search one or more clients or client computers.

[0042] 数据散列模块215可被配置成散列诸如可搜索的字段值之类的数据。 [0042] The data hash module 215 may be configured to search for data such as a hash value of a field or the like. 散列可指代取数据作为输入并返回固定大小的位串(即,散列)的任何算法或函数,或如本领域已知的其它方式那样。 It may refer to a hash takes as input data and returns a fixed-size bit string (i.e., hash) function or any algorithm, or other means as known in the art. 在各实施例中,散列可利用SHA-2、MD5、bcrypt、Bl〇Wfish或任何其它适当的方法来执行。 In various embodiments, may utilize a hash SHA-2, MD5, bcrypt, Bl〇Wfish or any other suitable way to perform. 例如,可散列用户的出生日期(例如,"12/3/45")以生成可信的散列(例如,"a3b8919fcb9d2")。 For example, the user's date of birth can be a hash (e.g., "12/3/45") to generate a trusted hash (e.g., "a3b8919fcb9d2"). 随后,由用户所生成的散列可与可信的散列进行比较以检索与该出生日期相关联的数据记录。 Subsequently, by the user may be generated hash data recording and comparing the retrieved date of birth is associated with a trusted hash.

[0043] 索引生成模块216可被配置成生成索引,诸如可搜索的字段的索引。 [0043] The index generating module 216 may be configured to generate an index, such as index field searchable. 例如,索引生成模块216可被配置成利用个人信息分析器模块212来确定可搜索的字段的敏感性、分别地利用数据加密模块213或数据散列模块215来加密或散列可搜索的字段值以生成可搜索的字段索引值以及利用加密密钥传输模块214来传输可搜索的字段加密密钥。 For example, the index generating module 216 may be configured to utilize personal information analyzer module 212 to determine the sensitivity of searchable fields, respectively, using the field value of the data encryption module 213 or module 215 to encrypt data hash or hash searchable index value to generate a search field and a field of the encryption key using an encryption key transmission module 214 to transmit searchable. 在某些实施例中,索引生成模块216可利用个人信息数据库220来生成索引。 In certain embodiments, the index generating module 216 may utilize the personal information database 220 to generate the index.

[0044] 个人信息数据库220可包括一个或多个客户的个人信息。 [0044] The personal information database 220 may include one or a plurality of customers' personal information. 在某些实施例中,个人信息数据库220可以是明文可见的从而使得服务器计算机210可从数据库220读取数据。 In certain embodiments, the personal information database 220 may be such that the visible plaintext server computer 210 may read data from database 220.

[0045] Referring to FIG. 3, a more detailed illustration of an exemplary embodiment of searchable encrypted database 300 is shown. Searchable encrypted database 300 may be configured to store encrypted data records and the searchable field indexes associated with the encrypted data records. Some possible data fields that may be included in the sensitive data records and searchable field indexes are described. Searchable encrypted database 300 may comprise more than one database, and those databases may be in the same location or may be located remotely. In some embodiments, the data stored in searchable encrypted database 300 may include personal information. For example, searchable encrypted database 300 may include a plurality of encrypted data fields, such as a name field 302, a date of birth field 303, a primary account number (PAN) field 304, a social security number (SSN) field 305 and an address field 306. Searchable encrypted database 300 may further include one or more searchable field indexes, such as a name index 307, a day and month of birth index 308, a PAN (last 4 digits) index 309, an SSN (last 4 digits) index 310 and a zip code index 311.

[0046] User identifier field 301 may include any suitable identifier of the user. For example, the user identifier may include a unique number assigned to each user (e.g., a GUID), a username associated with the user, or any other suitable identifier. For example, if the username for the user "JohnSmith" is jsmith45, then "jsmith45" may be stored in user identifier field 301.

[0047] Name field 302 may include the user's full name or legally registered name. For example, for user jsmith45, "JohnSmith" may be stored in name field 302 of the user's encrypted data record.

[0048] Date of birth field 303 may include the user's complete date of birth. The date of birth may be stored in any suitable format and may indicate the day, month and year of the user's birth. For example, for user jsmith45, date of birth field 303 may include "12/3/1945".

[0049] Primary account number (PAN) field 304 may include the user's credit card number, bank account number or any other suitable account number. For example, for user jsmith45, PAN field 304 may include the user's 16-digit credit card number "4567-8901-2345-6789".

[0050] Social security number (SSN) field 305 may include the user's social security number or any other suitable government identification number associated with the user. For example, for user jsmith45, SSN field 305 may include the social security number "001-23-4567".

[0051] Address field 306 may include the user's address. The address may be a mailing address, a billing address, a residential address or any other suitable address associated with the user. The address may be represented using a street name and street number, geographic coordinates or any other suitable form. For example, for user jsmith45, address field 306 may include "123MainSt,San Francisco,CA, 94111".

[0052] In various embodiments of the invention, the encrypted data fields 301-306 that make up an encrypted data record may be encrypted individually or collectively, such as with a database encryption key. An encrypted data record may be associated with one or more searchable field indexes 307-311, as described below.

[0053] Name index 307 may include an index containing users' full names or legally registered names. Thus, in some embodiments of the invention, the searchable field values associated with name index 307 may be similar to those stored in name field 320. However, in some embodiments of the invention, name index 307 may be determined to be sensitive, and it may therefore be hashed to obfuscate the field values. For example, for user jsmith45 with the name "JohnSmith", the corresponding searchable field index value may be "ef61a579c907bbed674c0" (generated using a SHA-2 hash of the name "JohnSmith"). Accordingly, a search parameter comprising the SHA-2 hash of "JohnSmith" may be used to retrieve the encrypted data record of user jsmith45 from name index 307.

[0054] Day and month of birth index 308 may include an index containing users' day and month of birth. Since a user's day and month of birth are generally not considered sensitive data, they may be stored in plaintext in index 308. For example, for user jsmith45, whose date of birth is "12/3/1945", the string "12/3" may be stored in day and month of birth index 308 for that user. Accordingly, a search parameter comprising the day and month of birth "12/3" may be used to retrieve the encrypted data record of user jsmith45 from index 308.

[0055] PAN (last 4 digits) index 309 may include an index containing the last four digits of users' primary account numbers (PANs). Since the last four digits of a PAN are generally not considered sensitive data (because they may be printed on receipts or displayed on web pages), they may likewise be stored in plaintext in index 309. For example, for user jsmith45, whose PAN is "4567-8901-2345-6789", the corresponding searchable field index value in index 309 may be "6789". Accordingly, a search parameter comprising the last 4 digits of the PAN, "6789", may be used to retrieve the encrypted data record of user jsmith45 from index 309.

[0056] SSN (last 4 digits) index 310 may include an index containing the last four digits of users' social security numbers (SSNs). Since the last four digits of an SSN are generally considered highly sensitive data (because they may be used to impersonate a person), they may be stored in index 310 as a hash-based message authentication code (HMAC). Accordingly, a searchable field key may be generated for index 310 and used to generate the HMAC index values. For example, for user jsmith45, whose SSN is "001-23-4567", the corresponding searchable field index value in index 309 may be "bee0b8cfdac4a". Accordingly, a search parameter comprising the HMAC of "4567", generated using the searchable field key, may be used to retrieve the encrypted data record of user jsmith45 from index 310.

[0057] Zip code index 311 may include an index containing the zip codes associated with users. Since a user's zip code is generally not considered sensitive data, it may be stored in plaintext in index 311. For example, for user jsmith45, whose address is "123MainSt,SanFrancisco,CA, 94111", the string "94111" may be stored in zip code index 311 for that user. Accordingly, a search parameter comprising the zip code "94111" may be used to retrieve the encrypted data record of user jsmith45 from index 311.

II. Exemplary searchable encrypted database generation method

[0058] FIG. 4 illustrates a method by which data encryption computer 200 generates a searchable encrypted database comprising encrypted data records and searchable field indexes.

[0059] At step 401, data encryption computer 200 receives a plurality of sensitive data records. The sensitive data records may be received from any suitable source. For example, in some embodiments, the sensitive data records may be retrieved from personal information database 220 or from a trusted database.

[0060] Table 1 shows an exemplary representation of three sensitive data records. As shown, a sensitive data record may include a plurality of sensitive data fields, such as the user's ID, name, date of birth, primary account number (PAN) and social security number (SSN).

Table 1 (rendered as an image on the original page; not reproduced here)

[0061] At step 402, data encryption computer 200 identifies the searchable fields of the sensitive data records. In some embodiments, the searchable fields may be identified from user input. In some cases, the user generating searchable encrypted database 300 may specify one or more desired searchable fields. For example, for the data records shown in Table 1, the user may specify that the records can be searched using the user's name, the last four digits of their PAN and the last four digits of their SSN.

[0062] Table 2 shows an exemplary representation of three sensitive data records and their associated searchable fields. As shown, the searchable fields include the user's name, the last four digits of the user's PAN and the last four digits of the user's SSN.

Table 2 (rendered as an image on the original page; not reproduced here)

[0063] At step 403, data encryption computer 200 generates a searchable field index for each searchable field. A searchable field index may include a plurality of searchable field index values. Each searchable field index value may be generated using a sensitive data field value in a sensitive data record, and may be associated with that data record. In one example, a searchable field index may be generated for a searchable field comprising the last four digits of a user's social security number. Accordingly, if the data record associated with the user has the social security number "001-23-4567", the searchable field value may be "4567" and the searchable field index value may be "6bfe6d73n834fhj", which may represent an HMAC generated using the searchable field value and a field key. A searchable field index may include the searchable field index values of one or more sensitive data records.

[0064] In some embodiments of the invention, the format of a searchable field index may depend on the sensitivity of the field. For example, a searchable field with high sensitivity (e.g., part of a user's social security number) may be protected or obfuscated to a greater degree than a searchable field with low sensitivity (e.g., part of a user's zip code). In some embodiments, the method of FIG. 5 may be used to generate the searchable field index.

[0065] FIG. 5 illustrates a method 500 for generating a searchable field index for a searchable field. In some embodiments of the invention, method 500 may be performed as part of step 403 of method 400.

[0066] At step 501, data encryption computer 200 determines the sensitivity of the searchable field. In some embodiments, the sensitivity of the searchable field may be defined by a user of data encryption computer 200, or may be included in personal information database 200. The sensitivity of a searchable field may include an indication of the degree to which the searchable field values of that field should be protected. For example, a searchable field comprising a user's last four digits may be considered "non-sensitive", because that information is generally considered publicly available and not personally identifiable. However, a searchable field comprising a user's first and last name may be considered "sensitive", because it may indicate the user's identity, if known. Further, a searchable field comprising a user's complete social security number may be considered "highly sensitive", because social security numbers are generally expected to be kept confidential.

[0067] In some embodiments of the invention, the sensitivity of a searchable field may be determined using predefined rules, standards or protocols. For example, personal information analyzer module 212 may be configured with governmental standards relating to the protection of personal information. Accordingly, the personal information analyzer module may be operable to determine the sensitivity of a searchable field. If the searchable field is highly sensitive, step 502 is performed. Otherwise, if the searchable field is sensitive, step 506 is performed. If the searchable field is non-sensitive, step 509 is performed.

[0068] When the searchable field is determined to be highly sensitive, at step 502, data encryption computer 200 generates a searchable field key for the searchable field. The searchable field key may be any encryption key or other secret data. For example, the searchable field key may be a symmetric key, such as an AES, DES or Blowfish key.

[0069] At step 503, data encryption computer 200 uses the searchable field key to generate an HMAC of each searchable field value. In some embodiments, the HMAC function may be expressed by the formula HMAC(k, m) = V, where k refers to the searchable field key, m refers to the searchable field value of a sensitive data record, and V refers to the computed HMAC. For example, a key k = "123" may be used to generate the HMAC index values of the SSN (last 4 digits) searchable field in Table 2. In one example, if k = "123" and m = "4567", the HMAC V may be "6bfe6d73n834fhj". In another example, if k = "123" and m = "1143", the HMAC V may be "bd2b3j47x4po53t". Accordingly, an HMAC searchable field index value may be computed for each searchable field value.

[0070] At step 504, data encryption computer 200 stores each HMAC searchable field index value in the searchable field index. The SSN (last 4 digits) index in Table 3 shows an example of a searchable field index comprising HMAC index values.

[0071] At step 505, data encryption computer 200 sends the searchable field key to the clients authorized to use the searchable field. For example, for the SSN (last 4 digits) searchable field, clients authorized to search using the last four digits of users' SSNs may be provided with the corresponding searchable field key.

[0072] When the searchable field is determined to be sensitive, at step 506, data encryption computer 200 determines a salt value for the searchable field. The salt value may be any suitable data. For example, in some embodiments, the salt value may be another data field associated with the user, such as the user's username. In other embodiments, the salt value may be a random or pseudorandom number, or a predefined string.

[0073] At step 507, the data encryption computer uses the salt value to generate a hash of each searchable field value. The salted hash may be generated in any suitable manner. For example, in some embodiments, the salt and the searchable field value may be concatenated and then hashed using a hashing algorithm (such as MD5, SHA-2 or bcrypt).

[0074] At step 508, data encryption computer 200 stores each hashed searchable field index value in the searchable field index. The name index in Table 3 shows an example of a searchable field index comprising hashed index values.

[0075] When the searchable field is determined to be non-sensitive, at step 509, data encryption computer 200 stores the searchable field values in the searchable field index as plaintext or cleartext. The PAN (last 4 digits) index in Table 3 shows an example of a searchable field index comprising hashed index values.

[0076] Table 3 shows an exemplary representation of three sensitive data records and their associated searchable field indexes. As shown, each searchable field index may be formatted according to the sensitivity of its searchable field. For example, a user's name is generally considered sensitive information, so the name searchable field index values are hashed using the SHA-2 algorithm. The last 4 digits of a PAN, however, are generally not considered sensitive and are therefore left in plaintext. In addition, the last 4 digits of an SSN are considered highly sensitive and are therefore computed as HMACs. Exemplary searchable field index values are shown in Table 3. It should be noted that the hash and HMAC values have been shortened for ease of identification, and may be longer in some embodiments of the invention.

Table 3 (rendered as an image on the original page; not reproduced here)

[0077] Returning to FIG. 4, at step 404, data encryption computer 200 encrypts the sensitive data records using a database encryption key. The database encryption key may be associated with a "database decryption key" that reverses the encryption of the data. In some embodiments, data encryption computer 200 may generate the database encryption key. Alternatively, data encryption computer 200 may receive the database encryption key from another computing device. In some embodiments, the database may be encrypted using a single database encryption key. In other embodiments, a plurality of database encryption keys may be used to encrypt the database. For example, each database encryption key may be associated with a subset of the rows or columns of the database. For example, a first database encryption key may be used to encrypt sensitive data records whose user identifiers begin with the letters AM, and a second database encryption key may be used to encrypt sensitive data records whose user identifiers begin with the letters OZ. In another example, different database encryption keys may be used to encrypt different sensitive data fields. For example, a sensitive data field comprising the user's telephone number may be encrypted using a first encryption key, and a sensitive data field comprising the user's social security number may be encrypted using a second encryption key. In some embodiments, certain client computers may not be provided with certain database decryption keys, in order to restrict access to particular sensitive data fields. For example, by providing a client computer with the first decryption key but not the second decryption key, that client computer may be given access to users' telephone numbers but not to users' social security numbers.

[0078] Table 4 shows an exemplary representation of three encrypted data records and searchable field indexes. As shown, all of the sensitive data fields in each record are combined and encrypted. Accordingly, without obtaining the decryption key, the sensitive data is unreadable.

Table 4 (rendered as an image on the original page; not reproduced here)

[0079] At step 405, data encryption computer 200 sends the encrypted data records and searchable field indexes to searchable encrypted database 300. In some embodiments, sending the encrypted data records and searchable field indexes over an untrusted network is acceptable, because all sensitive information has already been encrypted or obfuscated. In some embodiments, the encrypted data records and searchable field indexes may be sent via database access server 106.

[0080] At step 406, data encryption computer 200 distributes the database decryption key to the client computers 101-104 that are authorized to decrypt the database. The database decryption key may be the same key as the database encryption key (e.g., in the case of symmetric encryption) or a different key (e.g., in the case of asymmetric encryption). The determination of which client computers are authorized to decrypt the database may be made using user authentication module 211 or any other suitable means. In embodiments using a plurality of database encryption keys, data encryption computer 200 may distribute each respective decryption key only to the client computers authorized to use that key.

III. Exemplary searchable encrypted database usage method

[0081] 图6示出了用于搜索和解密经加密的数据记录的方法600。 [0081] FIG. 6 illustrates a method 600 for searching and decrypting the encrypted data record. 典型地,可在已生成可搜索的经加密的数据库300并且密钥已经被传送至经授权的客户之后执行方法600。 Typically, the database may be encrypted searchable generated and the key 300 of method 600 is performed after it has been transmitted to authorized clients.

[0082] 在步骤601处,客户端计算机101确定对可搜索的经加密的数据库300的搜索的搜索参数。 [0082] At step 601, the client computer 101 determines the search parameters the encrypted database searchable 300. 搜索参数可包括包含用于从可搜索的经加密的数据库300检索经加密数据记录的一个或多个可搜索的字段值或其它参数的逻辑表达。 Search parameters may include a logical expression containing one or more retrieving the encrypted data from the encrypted record searchable database 300 may search for the field values ​​or other parameters. 例如,用户"JohnSmith"的记录可通过提供对应于他的姓名的第一可搜索的字段值"JohnSmith"以及对应于他的信用卡号码的最后4位数字的第二可搜索的字段值"4567"来进行检索。 For example, a user "JohnSmith." Record field values ​​provided by the field value "4567" of a second search for "JohnSmith." And the last 4 digits corresponding to his credit card number corresponds to the first search his name be retrieved. 搜索参数可包括任意数量的可搜索的字段值和/或其逻辑组合。 Search parameters may include field values ​​and / or any number of logical combinations searchable. 在某些实施例中,搜索参数可包括布尔表达式(例如,具有与、或和非逻辑运算符)。 In certain embodiments, the search parameters may include Boolean expression (e.g., having, OR, and NOT logical operators). 在一个示例中,搜索参数可被用于检索其中航运邮政编码是94111且账单邮政编码不是94111的记录。 In one example, the search parameters may be used to retrieve wherein shipping and billing zip code is 94111 ZIP code 94111 is not recorded.

[0083] 在步骤602处,客户端计算机101确定搜索参数的可搜索的字段索引值。 [0083] The search parameters determined in step 602, the client computer 101 may be searchable index field. 在本发明的某些实施例中,这些索引值可通过确定可搜索的字段的格式来生成。 In certain embodiments of the present invention, these index values ​​may be determined by the format field may be generated search. 在某些实施例中, 可由客户端计算机101执行方法500以确定适当的格式。 In certain embodiments, the method may be performed by the client computer 101,500 to determine the appropriate format. 在其它实施例中,该格式可被预定义,诸如在对象关系模型(ORM)中进行预定义。 In other embodiments, the format can be predefined, such as predefined object relationship model (ORM) in.

[0084] 例如,对于搜索参数"JohnSmith"和"4567",相应的可搜索的字段索引值可分别是"ef61a579c907bbed674c0"(利用姓名的SHA-2散列生成)和"4567"(最后四位数字的明文)。 [0084] For example, the search parameters "JohnSmith." And "4567", the corresponding field index value may be searched are "ef61a579c907bbed674c0" (name using SHA-2 hash generation), and "4567" (the last four digits plaintext).

[0085] 在步骤603处,客户端计算机101将可搜索的字段索引值发送至可搜索的经加密的数据库300。 [0085] At step 603, the client computer 101 can search for a field index value is sent to the encrypted searchable database 300. 这些索引值可在不安全的连接之上被发送,因为它们不可被数据库或任何第三方译码。 These index values ​​can be sent over the insecure connection, because they can not be decoded or any third party database. 在本发明的某些实施例中,这些索引值可作为SQL查询的一部分进行发送。 In certain embodiments of the present invention, these index values ​​may be sent as part of the SQL query. 因此,该搜索可由支持SQL查询的任何标准的数据库来提供服务。 Therefore, the search may be supported by any standard SQL database queries to provide services.

[0086] 在步骤604处,可搜素经加密数据库300利用所接收的索引值检索经加密的数据记录。 [0086] At step 604, the pixel data may be recorded by the search index 300 to retrieve the encrypted database is encrypted using the received. 在某些实施例中,经加密的数据记录可被检索其是否匹配所有指定索引值。 In certain embodiments, the encrypted data may be retrieved records which match all of the specified index value. 例如,对于表4的可搜索的经加密的数据库,对应于用户的姓名的索引值"ef61a579c907bbed674c0"和对应于用户的PAN的最后4位数字的索引值"6789"可匹配经加密的数据记录"b0a922f14604703134cba8f3dfal903c738d9clee7 …"。 For example, Table 4 encrypted searchable database, corresponding to the user name index value "ef61a579c907bbed674c0" and corresponding to the user of the PAN last 4 digits of an index value of "6789" matches the encrypted data record " b0a922f14604703134cba8f3dfal903c738d9clee7 ... ".

[0087] At step 605, the searchable encrypted database 300 sends the encrypted data records to the client computer 101. Because the encrypted data records are likewise protected from compromise, they may be transmitted over an insecure connection.

[0088] At step 606, the client computer 101 decrypts the encrypted data records using the database decryption key to determine the sensitive data records. Typically, the client computer 101 may previously have received the database decryption key, such as during step 406 of method 400. For example, the encrypted data record "b0a922f14604703134cba8f3dfal903c738d9clee7…" may be decrypted to determine the sensitive data record for jsmith45 as shown in Table 1.

IV. Exemplary payment processing systems and methods
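The search procedure of steps 602-606, worked end to end as an added example (this is illustrative code written for this page, not the patent's or Visa's implementation). The keys, the two-field schema, the sample records and the SQLite table are constructed assumptions. Two choices differ from the literal text above and are deliberate: the name index uses the keyed HMAC of claim 4 rather than the unkeyed SHA-2 hash of [0084], because anyone who can guess a low-entropy value such as a name can recompute its unkeyed hash, and the record encryption is a stdlib-only encrypt-then-MAC stand-in (HMAC-SHA256 as a counter-mode PRF plus an HMAC tag) where a real deployment would use AES-GCM from a vetted library. The plaintext last-four index is kept as the page describes it; note that it does leak those digits to the database.

```python
import hashlib
import hmac
import json
import os
import sqlite3

# Index format per searchable field, chosen by sensitivity (claims 3-4):
# "hmac" = keyed HMAC-SHA256 for highly sensitive fields, "plain" = stored as-is.
SCHEMA = {"name": "hmac", "pan_last4": "plain"}

# Constructed keys and sample records for this example (not from the page).
DB_KEY = b"\x01" * 32     # database encryption key (claim 1)
FIELD_KEY = b"\x02" * 32  # searchable field key (claim 4)
SAMPLE_RECORDS = [
    {"user": "jsmith45", "name": "John Smith", "pan": "4000001234564567", "balance": 120},
    {"user": "jdoe12", "name": "Jane Doe", "pan": "4000009876549876", "balance": 45},
]

def index_value(field, value, field_key):
    """Searchable field index value for one field (step 602)."""
    fmt = SCHEMA[field]
    if fmt == "hmac":
        return hmac.new(field_key, value.encode(), hashlib.sha256).hexdigest()
    if fmt == "plain":
        return value
    raise ValueError(f"unknown index format {fmt!r}")

def _subkeys(db_key):
    # Separate encryption and MAC keys derived from the one database key.
    return (hmac.new(db_key, b"enc", hashlib.sha256).digest(),
            hmac.new(db_key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 used as a PRF in counter mode; a stdlib stand-in for AES-GCM.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt_record(record, db_key):
    """Encrypt-then-MAC a JSON record: nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(db_key)
    nonce = os.urandom(16)
    pt = json.dumps(record, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def is_authentic(blob, db_key):
    """True if the tag on an encrypted record verifies under the database key."""
    _, mac_key = _subkeys(db_key)
    expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    return len(blob) > 48 and hmac.compare_digest(expected, blob[-32:])

def decrypt_record(blob, db_key):
    """Client side of step 606: verify the tag, then decrypt to the sensitive record."""
    if not is_authentic(blob, db_key):
        raise ValueError("encrypted record failed authentication")
    enc_key, _ = _subkeys(db_key)
    nonce, ct = blob[:16], blob[16:-32]
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))))

def build_database(records, db_key, field_key):
    """Data encryption computer side (claims 1-2): index, encrypt, load into SQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (name_idx TEXT, last4_idx TEXT, record BLOB)")
    for r in records:
        db.execute("INSERT INTO records VALUES (?, ?, ?)", (
            index_value("name", r["name"], field_key),
            index_value("pan_last4", r["pan"][-4:], field_key),
            encrypt_record(r, db_key)))
    return db

def search(db, name, last4, db_key, field_key):
    """Client side (steps 602-606): index the search parameters, send them as a
    plain SQL query (every index value must match), decrypt what comes back."""
    params = (index_value("name", name, field_key),
              index_value("pan_last4", last4, field_key))
    rows = db.execute("SELECT record FROM records WHERE name_idx = ? AND last4_idx = ?",
                      params).fetchall()
    return [decrypt_record(row[0], db_key) for row in rows]

if __name__ == "__main__":
    db = build_database(SAMPLE_RECORDS, DB_KEY, FIELD_KEY)
    print(search(db, "John Smith", "4567", DB_KEY, FIELD_KEY))
```

The database never sees a plaintext name or a decryption key: it matches opaque index strings with an ordinary parameterized `SELECT`, which is why any SQL database can serve the query as [0085] states. Because the record is authenticated, a client that holds the database key also detects a record that was altered in storage or in transit, not only one that was read.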

[0089] FIG. 7 shows an exemplary system using the searchable encrypted database 300 according to an embodiment of the invention. The system includes a user (not shown) who can operate a portable user device 701. The user may use the portable device 701 to conduct a purchase transaction at an access device (not shown) connected to a merchant computer 702. The merchant computer 702 may be connected to an acquirer computer 703. The acquirer computer 703 may be connected to an issuer computer 705 via a payment processing network 704. The payment processing network 704 may also be connected to the searchable encrypted database 300. The searchable encrypted database 300 may also be connected to a service center computer 706.

[0090] As used herein, a "service center computer" may generally refer to a client computer or other computing device that provides access to a searchable encrypted database 300 of user information. In certain embodiments of the invention, the service center computer 706 may be used to service a user's account, transactions, or other activities related to the user. For example, in one embodiment, the service center computer may be operated by the issuer that maintains the user's account.

[0091] As used herein, an "issuer" may generally refer to a business entity (e.g., a bank) that maintains a user's financial account and often issues a portable user device 701 such as a credit or debit card to the user. A "merchant" is typically an entity that engages in transactions and can sell goods or services. An "acquirer" is typically a business entity (e.g., a commercial bank) that has a business relationship with a particular merchant or other entity. Some entities can perform both issuer and acquirer functions. Certain embodiments may encompass such a single-entity issuer-acquirer. Each of these entities (e.g., merchant computer 702, acquirer computer 703, payment processing network 704, and issuer computer 705) may comprise one or more computer apparatuses that enable communication or perform one or more of the functions described herein.

[0092] The payment processing network 704 may include data processing subsystems, networks, and operations used to support and deliver certificate authority services, authorization services, exception file services, and clearing and settlement services. An exemplary payment processing network may include VisaNet™. Payment processing networks such as VisaNet™ are able to process credit card transactions, debit card transactions, and other types of commercial transactions. Specifically, VisaNet™ includes a VIP system (Visa Integrated Payments system) that processes authorization requests and a Base II system that performs clearing and settlement services.

[0093] The payment processing network 704 may include one or more server computers. A server computer is typically a powerful computer or cluster of computers. For example, the server computer can be a mainframe, a minicomputer cluster, or a group of servers functioning as a unit. In one example, the server computer may be a database server coupled to a web server. The payment processing network 704 may use any suitable wired or wireless network, including the Internet.

[0094] In a typical payment transaction, the user purchases goods or services at the merchant 702 using the portable user device 701. The user's portable user device 701 can interact with an access device at the merchant that is associated with the merchant computer 702. For example, the user may tap the portable user device 701 against an NFC reader in the access device 702. Alternatively, such as in an online transaction, the user may electronically indicate payment details to the merchant.

[0095] An authorization request message is generated by the access device and is then forwarded to the acquirer computer 703. After the authorization request message is received, it is then sent to the payment processing network 704. The payment processing network 704 then forwards the authorization request message to the corresponding issuer computer 705 associated with the issuer of the portable user device 701.

[0096] An "authorization request message" may be an electronic message that is sent to a payment processing network and/or an issuer of a payment card to request authorization for a transaction. An authorization request message according to some embodiments may comply with ISO 8583, which is a standard for systems that exchange electronic transaction information associated with a payment made by a user using a payment device or payment account. The authorization request message may include an issuer account identifier that may be associated with a payment device or payment account. An authorization request message may also comprise additional data elements corresponding to "identification information" including, by way of example only: a service code, a CVV (card verification value), a dCVV (dynamic card verification value), an expiration date, etc. An authorization request message may also comprise "transaction information", such as any information associated with the current transaction (for example the transaction amount, merchant identifier, merchant location, etc.), as well as any other information that may be used in determining whether to identify and/or authorize a transaction. The authorization request message may also include other information, such as information identifying the access device that generated the authorization request message, information about the location of the access device, etc.

[0097] After the issuer computer 705 receives the authorization request message, the issuer computer 705 sends an authorization response message back to the payment processing network 704 to indicate whether the current transaction is authorized (or not authorized). In some embodiments, the issuer computer 705 may check a test transaction score to determine whether the current transaction should be authorized. The payment processing network 704 then forwards the authorization response message back to the acquirer 703. In some embodiments, for example depending on the value of a fraud risk score or test transaction score, the payment processing network 704 may decline the transaction even if the issuer computer 705 has authorized the transaction. The acquirer 703 then sends the response message back to the merchant computer 702.

[0098] An "authorization response message" may be an electronic message reply to an authorization request message generated by an issuing financial institution or a payment processing network. By way of example, the authorization response message may include one or more of the following status indicators: "Approval", indicating the transaction was approved; "Decline", indicating the transaction was not approved; or "Call Center", indicating the response is pending because more information is needed and the merchant must call the toll-free authorization phone number. The authorization response message may also include an authorization code, which may be a code that a credit card issuing bank returns in response to an authorization request message in an electronic message (either directly or through the payment processing network) to the merchant's access device (e.g., a POS device) and that indicates approval of the transaction. The code may serve as proof of authorization. As noted above, in some embodiments, the payment processing network may generate the authorization response message or forward it to the merchant.

[0099] After the merchant computer 703 receives the authorization response message, the access device 1502 coupled to the merchant computer may then provide the authorization response message to the user. The response message may be displayed on the contactless access device or may be printed out on a receipt. Alternatively, if the transaction is an online transaction, the merchant may provide a web page or other indication of the authorization response message.

[0100] At the end of the day, a normal clearing and settlement process can be conducted by the payment processing network 704. A clearing process is a process of exchanging financial details between an acquirer and an issuer to facilitate posting of the transaction to the consumer's payment account and reconciliation of the user's settlement position.

[0101] In some embodiments of the invention, the portable user device 701, merchant computer 702, acquirer computer 703, payment processing network 704, and issuer computer 705 may save data to the searchable encrypted database 300.

[0102] For example, some embodiments of the invention may be used to save a user's payment data and other account data to the searchable encrypted database 300. As payment transactions are processed by the acquirer computer 703, payment processing network 704, and/or issuer computer 705, they may be saved to the searchable encrypted database 300. Thus, the searchable encrypted database may comprise transactions conducted by a user and other account information. In one example, an issuer may outsource customer service to a third-party service center. The issuer may save encrypted account records to the searchable encrypted database 300 and provide the service center computer with any database decryption keys and searchable field keys needed to access the database. Representatives at the service center may contact users, and be contacted by users, regarding various account management issues (such as reporting a transaction as fraudulent, changing account information, etc.). Thus, a representative may use the service center computer 706 to connect to the searchable encrypted database 300 in order to retrieve various user information and service the user.

[0103] FIG. 8 depicts a method 800 by which the service center computer 706 retrieves a user's account information from the searchable encrypted database 300. In some cases, the user may call or voice-chat with a representative operating the service center computer 706. Alternatively, in some cases, the user may interact with the service center computer 706 directly, such as if the user connects to a website hosted using the service center computer 706.

[0104] At step 801, the user provides identification information to the service center computer 706. The identification information may include any information suitable for retrieving the user's encrypted account record from the searchable encrypted database. For example, the user may provide the service center computer with a name, address, social security number, or any other suitable information.

[0105] At step 802, the service center computer 706 determines index values associated with the identification information. The index values may be generated in any suitable manner, such as those described for step 602 of method 600. In some embodiments, the issuer computer 705 may send the service center computer 706 a schema of the searchable encrypted database 300 or another specification of its format. For example, the issuer computer 705 may send a database schema describing the structure of the searchable encrypted database 300.

[0106] At step 803, the service center computer sends the determined index values to the searchable encrypted database 300.

[0107] At step 804, the searchable encrypted database 300 retrieves the encrypted account records matching the received index values. In some embodiments of the invention, if multiple encrypted account records are retrieved, the searchable encrypted database 300 may prompt the service center computer 706 to transmit additional identification information. Thus, steps 801-804 may be repeated until enough index values are received to identify a single encrypted account record. If no account record matches the provided index values, the searchable encrypted database 300 may indicate failure to the service center computer 706.

[0108] At step 805, the searchable encrypted database 300 sends the encrypted account record to the service center computer 706. At step 806, the service center computer 706 decrypts the encrypted account record using the database decryption key to determine the user's account information. Once the user's account information has been determined, the user may be serviced.

V. Exemplary computer apparatus
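The disambiguation loop of steps 801-804, as an added example (illustrative code for this page, not the patent's or any vendor's implementation): the database matches every index value it has been given, returns a single record when exactly one account matches, asks for more identification when several match (claim 16), and reports failure when none does. The three-field schema, the field key, the sample accounts and the opaque byte strings standing in for the encrypted records are constructed assumptions; the decryption of step 806 is the client-side step shown in the earlier example and is not repeated here.

```python
import hashlib
import hmac
import sqlite3

# Constructed schema for this example: the searchable fields a caller may be asked for.
SEARCHABLE_FIELDS = ("name", "address", "ssn")

# Constructed sample data: plaintext identification per account plus an opaque
# stand-in for the encrypted account record (a real database holds ciphertext here).
ACCOUNTS = [
    ({"name": "John Smith", "address": "1 Main St", "ssn": "123-45-6789"}, b"ciphertext-A"),
    ({"name": "John Smith", "address": "9 Oak Ave", "ssn": "987-65-4321"}, b"ciphertext-B"),
    ({"name": "Jane Doe", "address": "5 Elm Rd", "ssn": "555-55-5555"}, b"ciphertext-C"),
]
FIELD_KEY = b"\x07" * 32  # constructed searchable field key (claim 5)

def index_value(value, field_key):
    """Keyed index value (HMAC-SHA256) for a highly sensitive field, per claim 4."""
    return hmac.new(field_key, value.encode(), hashlib.sha256).hexdigest()

def build_index(accounts, field_key):
    """Load (index values, encrypted record) rows into an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, address TEXT, ssn TEXT, record BLOB)")
    for fields, blob in accounts:
        row = tuple(index_value(fields[f], field_key) for f in SEARCHABLE_FIELDS) + (blob,)
        db.execute("INSERT INTO accounts VALUES (?, ?, ?, ?)", row)
    return db

def lookup(db, index_values):
    """Database side of step 804: match every supplied index value (AND), then
    return exactly one record, a prompt for more identification, or a failure."""
    unknown = set(index_values) - set(SEARCHABLE_FIELDS)
    if unknown or not index_values:
        raise ValueError(f"unsupported or empty field set: {sorted(unknown)}")
    used = [f for f in SEARCHABLE_FIELDS if f in index_values]
    # Column names come only from the fixed tuple above; values are bound parameters.
    where = " AND ".join(f"{f} = ?" for f in used)
    params = tuple(index_values[f] for f in used)
    rows = db.execute(f"SELECT record FROM accounts WHERE {where}", params).fetchall()
    if len(rows) == 1:
        return ("record", rows[0][0])
    if rows:
        return ("need_more_info", len(rows))
    return ("not_found", None)

def resolve_account(db, identification_rounds, field_key):
    """Service-center side: steps 801-804 repeated, accumulating index values each
    round, until the database returns a single record or reports failure."""
    known = {}
    result = ("need_more_info", 0)
    for provided in identification_rounds:
        known.update({f: index_value(v, field_key) for f, v in provided.items()})
        result = lookup(db, known)
        if result[0] != "need_more_info":
            break
    return result

if __name__ == "__main__":
    db = build_index(ACCOUNTS, FIELD_KEY)
    print(resolve_account(db, [{"name": "John Smith"}, {"address": "9 Oak Ave"}], FIELD_KEY))
```

Only the match count, never the candidate records, is returned while the query is still ambiguous; returning the ambiguous set would hand the service center (and whoever is on the phone) ciphertext for accounts other than the caller's. The field names in the `WHERE` clause are drawn from the fixed tuple, so a caller-supplied field name cannot alter the query.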

[0109] FIG. 16 shows an example of a payment device 901" in the form of a card. As shown, the payment device 901" comprises a plastic substrate 901(m). In some embodiments, a contactless element 901(o) for interfacing with an access device may be present on or embedded within the plastic substrate 901(m). User information 901(p), such as an account number, expiration date, and/or user name, may be printed or embossed on the card. A magnetic stripe 901(n) may also be on the plastic substrate 901(m). In some embodiments, the payment device 901" may include a microprocessor and/or memory chip in which user data is stored.

[0110] As noted above and shown in FIG. 9, the payment device 901" may include both a magnetic stripe 901(n) and a contactless element 901(o). In some embodiments, both the magnetic stripe 901(n) and the contactless element 901(o) may be in the payment device 901". In some embodiments, either the magnetic stripe 901(n) or the contactless element 901(o) may be present in the payment device 901".

[0111] FIG. 10 is a high-level block diagram of a computer system that may be used to implement any of the entities or components described above. The subsystems shown in FIG. 10 are interconnected via a system bus 1075. Additional subsystems include a printer 1003, a keyboard 1006, a fixed disk 1007, and a monitor 1009, which is coupled to a display adapter 1004. Peripherals and input/output (I/O) devices, which couple to an I/O controller 1000, can be connected to the computer system by any number of means known in the art, such as a serial port. For example, the serial port 1005 or external interface 1008 can be used to connect the computer apparatus to a wide area network such as the Internet, a mouse input device, or a scanner. The interconnection via the system bus 1075 allows the central processor 1002 to communicate with each subsystem and to control the execution of instructions from system memory 1001 or the fixed disk 1007, as well as the exchange of information between subsystems. The system memory 1001 and/or the fixed disk may embody a computer-readable medium.

VI. Additional embodiments

[0112] One embodiment of the invention discloses a system comprising a client computer and a database access server. The database access server comprises a processor and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising: receiving one or more index values of a searchable field index, wherein the index values are generated using a user's personal information; retrieving one or more encrypted data records using the index values; and sending the one or more encrypted data records. The data encryption computer comprises a processor and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method comprising: sending the one or more index values; receiving one or more encrypted data records; and decrypting the one or more encrypted data records.

[0113] As described, the inventive service may involve implementing one or more functions, processes, operations, or method steps. In some embodiments, the functions, processes, operations, or method steps may be implemented as a result of the execution of a set of instructions or software code by a suitably programmed computing device, microprocessor, data processor, or the like. The set of instructions or software code may be stored in a memory or other form of data storage element that is accessed by the computing device, microprocessor, etc. In other embodiments, the functions, processes, operations, or method steps may be implemented by firmware or a dedicated processor, integrated circuit, etc.

[0114] It should be understood that the present invention as described above can be implemented in the form of control logic using computer software in a modular or integrated manner. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know and appreciate other ways and/or methods to implement the present invention using hardware and a combination of hardware and software.

[0115] Any of the software components or functions described in this application may be implemented as software code to be executed by a processor using any suitable computer language such as, for example, Java, C++, or Perl, using, for example, conventional or object-oriented techniques. The software code may be stored as a series of instructions or commands on a computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard drive or a floppy disk, or an optical medium such as a CD-ROM. Any such computer-readable medium may reside on or within a single computing device, and may be present on or within different computing devices within a system or network.

[0116] Although certain exemplary embodiments have been described in detail and shown in the accompanying drawings, it is to be understood that such embodiments are merely illustrative of, and not intended to be restrictive of, the broad invention, and that this invention is not to be limited to the specific arrangements and constructions shown and described, since various other modifications may occur to those of ordinary skill in the art.

[0117] As used herein, the use of "a", "an", or "the" is intended to mean "at least one", unless specifically indicated to the contrary.

Claims (17)

  1. A data encryption computer, comprising: a processor; and a non-transitory computer-readable storage medium comprising code executable by the processor for implementing a method, the method comprising: receiving a plurality of sensitive data records comprising personal information of different users; identifying one or more searchable fields of the sensitive data records, wherein each searchable field is associated with a subset of a user's personal information; generating a searchable field index for each of the one or more searchable fields; and encrypting the sensitive data records using a database encryption key.
  2. The data encryption computer of claim 1, wherein the method further comprises: sending, by the processor, the encrypted data records and the generated indexes to a searchable encrypted database.
  3. The data encryption computer of claim 1, wherein the format of each searchable field index depends on the sensitivity of the searchable field.
  4. The data encryption computer of claim 3, wherein generating the one or more indexes comprises: when the searchable field is highly sensitive, determining the format of the searchable field to be a hash-based message authentication code (HMAC); and generating an HMAC of the searchable field using a searchable field key.
  5. The data encryption computer of claim 4, wherein generating the one or more indexes further comprises: sending the searchable field key to one or more clients authorized to search using the searchable field.
  6. The data encryption computer of claim 1, wherein the method further comprises: transmitting the database encryption key to one or more clients authorized to decrypt the encrypted data records.
  7. A computer-implemented method, comprising: receiving, by a processor, personal information of a user; generating, by the processor, one or more index values using the personal information, each index value being associated with a searchable field index; sending, by the processor, the one or more index values; receiving, by the processor, one or more encrypted data records matching the index values; and decrypting, by the processor, the encrypted data records using a database decryption key.
  8. The computer-implemented method of claim 7, further comprising: receiving the database decryption key from a data encryption computer.
  9. The computer-implemented method of claim 7, wherein the format of each searchable field index is determined using the sensitivity of the corresponding searchable field.
  10. The computer-implemented method of claim 7, wherein at least one of the index values is a hash-based message authentication code.
  11. A computer-implemented method, comprising: receiving, by a processor, one or more index values of a searchable field index, wherein the index values are generated using a user's personal information; retrieving, by the processor, one or more encrypted data records using the index values; and sending, by the processor, the one or more encrypted data records.
  12. The computer-implemented method of claim 11, wherein the format of each searchable field index is determined using the sensitivity of the searchable field associated with the searchable field index.
  13. The computer-implemented method of claim 11, wherein the encrypted data records are encrypted using a data encryption key, and the encrypted data records are decryptable using a database decryption key associated with the database encryption key.
  14. The computer-implemented method of claim 11, wherein at least one of the index values is a hash-based message authentication code.
  15. The computer-implemented method of claim 11, wherein the index values are received from a service center computer, and wherein the index values are generated using identification information provided by a user.
  16. The computer-implemented method of claim 15, wherein the method further comprises: when a plurality of encrypted data records match the index values, prompting the service center computer to send additional identification information.
  17. A system comprising a server computer configured to perform the method of claim 11 and a client computer in communication with the server computer, the client computer being configured to: send the one or more index values; receive the one or more encrypted data records; and decrypt the one or more encrypted data records.
CN 201380053158 2012-08-15 2013-08-13 Searchable encrypted data CN104704493A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US201261683659 true 2012-08-15 2012-08-15
PCT/US2013/054779 WO2014028524A1 (en) 2012-08-15 2013-08-13 Searchable encrypted data

Publications (1)

Publication Number Publication Date
CN104704493A true true CN104704493A (en) 2015-06-10

Family

ID=50100957

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201380053158 CN104704493A (en) 2012-08-15 2013-08-13 Searchable encrypted data

Country Status (4)

Country Link
US (2) US9256764B2 (en)
EP (2) EP3364316A1 (en)
CN (1) CN104704493A (en)
WO (1) WO2014028524A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106203139A (en) * 2016-07-13 2016-12-07 成都知道创宇信息技术有限公司 Method for local desensitization of data

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104704493A (en) * 2012-08-15 2015-06-10 维萨国际服务协会 Searchable encrypted data
US9087209B2 (en) * 2012-09-26 2015-07-21 Protegrity Corporation Database access control
US9552492B2 (en) * 2013-08-01 2017-01-24 Bitglass, Inc. Secure application access system
US10122714B2 (en) 2013-08-01 2018-11-06 Bitglass, Inc. Secure user credential access system
US9553867B2 (en) 2013-08-01 2017-01-24 Bitglass, Inc. Secure application access system
US9280678B2 (en) * 2013-12-02 2016-03-08 Fortinet, Inc. Secure cloud storage distribution and aggregation
US9363243B2 (en) * 2014-03-26 2016-06-07 Cisco Technology, Inc. External indexing and search for a secure cloud collaboration system
US20150347965A1 (en) * 2014-05-29 2015-12-03 Ebay Inc. Systems and methods for reporting compromised card accounts
CN104579632B (en) * 2014-12-19 2016-05-18 上海天旦网络科技发展有限公司 Operation and maintenance system security sensitive data storage and retrieval method and apparatus
KR20160080201A (en) * 2014-12-29 2016-07-07 삼성전자주식회사 Terminal for User, Apparatus for Providing Service, Driving Method of Terminal for User, Driving Method of Apparatus for Providing Service and System for Encryption Indexing-based Search
EP3040898A1 (en) * 2014-12-31 2016-07-06 Gemalto Sa System and method for obfuscating an identifier to protect the identifier from impermissible appropriation
US10114955B2 (en) * 2015-02-11 2018-10-30 Visa International Service Association Increasing search ability of private, encrypted data
US10037433B2 (en) 2015-04-03 2018-07-31 Ntt Docomo Inc. Secure text retrieval
CN104809410A (en) * 2015-05-13 2015-07-29 上海凭安企业信用征信有限公司 Individual privacy protected credit investigation data desensitized acquisition method
CN104809409A (en) * 2015-05-13 2015-07-29 上海凭安企业信用征信有限公司 Individual privacy protected credit investigation data dispersed acquisition method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050058122A1 (en) * 2003-09-15 2005-03-17 Anspach Steve S. Standard telephone equipment (STE) based deployable secure communication system
CN101512525A (en) * 2006-09-06 2009-08-19 微软公司 Encrypted data search
CN102144371A (en) * 2008-09-10 2011-08-03 Lg电子株式会社 Method for selectively encrypting control signal
KR20110127791A (en) * 2010-05-20 2011-11-28 소프트포럼 주식회사 System for encrypting database and method therefor

Family Cites Families (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6212606B1 (en) * 1998-10-13 2001-04-03 Compaq Computer Corporation Computer system and method for establishing a standardized shared level for each storage unit
JP2001056810A (en) * 1999-06-07 2001-02-27 Kawasaki Steel Systems R & D Corp Database access system
US7362868B2 (en) * 2000-10-20 2008-04-22 Eruces, Inc. Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data
US6963980B1 (en) * 2000-11-16 2005-11-08 Protegrity Corporation Combined hardware and software based encryption of databases
US7484092B2 (en) * 2001-03-12 2009-01-27 Arcot Systems, Inc. Techniques for searching encrypted files
US20040083395A1 (en) * 2002-08-01 2004-04-29 Elain Blechman Client-centric e-health system and method with applications to long-term health and community care consumers, insurers, and regulators
DE60222227T2 (en) * 2001-12-26 2008-01-10 Kabushiki Kaisha Toshiba Communication system, wireless communication apparatus and communication method
US20060149962A1 (en) * 2003-07-11 2006-07-06 Ingrian Networks, Inc. Network attached encryption
US8041719B2 (en) * 2003-05-06 2011-10-18 Symantec Corporation Personal computing device-based mechanism to detect preselected data
US7502934B2 (en) * 2003-12-16 2009-03-10 Sap Aktiengesellschaft Electronic signatures
US7519835B2 (en) * 2004-05-20 2009-04-14 Safenet, Inc. Encrypted table indexes and searching encrypted tables
WO2005119960A3 (en) * 2004-06-01 2006-08-10 Univ Ben Gurion Structure preserving database encryption method and system
US7783899B2 (en) * 2004-12-09 2010-08-24 Palo Alto Research Center Incorporated System and method for performing a conjunctive keyword search over encrypted data
JP2007066206A (en) * 2005-09-01 2007-03-15 Ricoh Co Ltd Device and method for retrieving document referer
US7603344B2 (en) * 2005-10-19 2009-10-13 Advanced Digital Forensic Solutions, Inc. Methods for searching forensic data
US7647630B2 (en) * 2005-12-15 2010-01-12 International Business Machines Corporation Associating security information with information objects in a data processing system
US7873577B1 (en) 2006-01-27 2011-01-18 Aspect Loss Prevention, LLC Sensitive data aliasing for transaction-card and other applications
WO2007120625A3 (en) * 2006-04-10 2009-04-02 Sawteeth Inc Secure and granular index for information retrieval
US8086842B2 (en) * 2006-04-21 2011-12-27 Microsoft Corporation Peer-to-peer contact exchange
US7904732B2 (en) * 2006-09-27 2011-03-08 Rocket Software, Inc. Encrypting and decrypting database records
KR100903601B1 (en) * 2007-10-24 2009-06-18 한국전자통신연구원 Searching system for encrypted numeric data and searching method therefor
US8266430B1 (en) * 2007-11-29 2012-09-11 Emc Corporation Selective shredding in a deduplication system
US8726042B2 (en) * 2008-02-29 2014-05-13 Microsoft Corporation Tamper resistant memory protection
CN101593196B (en) * 2008-05-30 2013-09-25 日电(中国)有限公司 Method, device and system for rapidly searching ciphertext
US8346532B2 (en) * 2008-07-11 2013-01-01 International Business Machines Corporation Managing the creation, detection, and maintenance of sensitive information
CA2733578A1 (en) * 2008-08-13 2010-02-18 Secure Exchange Solutions, Llc Trusted card system using secure exchange
US8966250B2 (en) * 2008-09-08 2015-02-24 Salesforce.Com, Inc. Appliance, system, method and corresponding software components for encrypting and processing data
US8582771B2 (en) * 2008-09-10 2013-11-12 Lg Electronics Inc. Method for selectively encrypting control signal
KR101033511B1 (en) * 2008-09-12 2011-05-09 (주)소만사 Method for protecting private information and computer readable recording medium therefor
KR101190059B1 (en) * 2008-12-12 2012-10-16 한국전자통신연구원 Method for data encryption and method for conjunctive keyword search of encrypted data
US8131738B2 (en) * 2008-12-30 2012-03-06 International Business Machines Corporation Search engine service utilizing hash algorithms
US8837718B2 (en) * 2009-03-27 2014-09-16 Microsoft Corporation User-specified sharing of data via policy and/or inference from a hierarchical cryptographic store
US9684710B2 (en) * 2009-05-28 2017-06-20 Microsoft Technology Licensing, Llc Extending random number summation as an order-preserving encryption scheme
US9172534B2 (en) * 2009-07-29 2015-10-27 Nec Corporation Range search system, range search method, and range search program
US20110040753A1 (en) * 2009-08-11 2011-02-17 Steve Knight Personalized search engine
US9537650B2 (en) * 2009-12-15 2017-01-03 Microsoft Technology Licensing, Llc Verifiable trust for data through wrapper composition
US20110145580A1 (en) * 2009-12-15 2011-06-16 Microsoft Corporation Trustworthy extensible markup language for trustworthy computing and data services
KR101302137B1 (en) * 2009-12-16 2013-09-16 한국전자통신연구원 Method for Searchable Symmetric Encryption
CN102713995B (en) * 2010-01-15 2015-06-24 三菱电机株式会社 Confidential search system and encryption processing system
RU2012135493A (en) * 2010-01-19 2014-02-27 Виза Интернэшнл Сервис Ассосиэйшн verification mechanism
WO2011104663A1 (en) * 2010-02-23 2011-09-01 Confidato Security Solutions Ltd Method and computer program product for order preserving symbol based encryption
GB2483648A (en) * 2010-09-14 2012-03-21 Mastek Uk Ltd Obfuscation of data elements in a message associated with a detected event of a defined type
US8533489B2 (en) * 2010-09-29 2013-09-10 Microsoft Corporation Searchable symmetric encryption with dynamic updating
US9519800B2 (en) * 2011-01-07 2016-12-13 Thomson Licensing Device and method for online storage, transmission device and method, and receiving device and method
US9276746B2 (en) * 2011-01-18 2016-03-01 Mitsubishi Electric Corporation Encryption system, encryption processing method of encryption system, encryption device, decryption device, setup device, key generation device, and key delegation device using a user identifier for a user who belongs to a k-th hierarchy in an organization
US8510335B2 (en) * 2011-02-14 2013-08-13 Protegrity Corporation Database and method for controlling access to a database
US8694646B1 (en) * 2011-03-08 2014-04-08 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US8572379B2 (en) * 2011-08-08 2013-10-29 Xerox Corporation Private access to hash tables
US9391965B2 (en) * 2012-01-25 2016-07-12 Mitsubishi Electric Corporation Data search device, data search method, data search program, data registration device, data registration method, data registration program, and information processing device
US20130238646A1 (en) * 2012-03-06 2013-09-12 Evrichart, Inc. Partial-Match Searches of Encrypted Data Sets
WO2014008403A1 (en) * 2012-07-03 2014-01-09 Visa International Service Association Data protection hub
WO2014055148A3 (en) * 2012-07-09 2014-10-02 Massachusetts Institute Of Technology Cryptography and key management device and architecture
CN104704493A (en) * 2012-08-15 2015-06-10 维萨国际服务协会 Searchable encrypted data
US9355271B2 (en) * 2013-10-18 2016-05-31 Robert Bosch Gmbh System and method for dynamic, non-interactive, and parallelizable searchable symmetric encryption

Also Published As

Publication number Publication date Type
US9256764B2 (en) 2016-02-09 grant
US20140052999A1 (en) 2014-02-20 application
WO2014028524A1 (en) 2014-02-20 application
US20160112190A1 (en) 2016-04-21 application
EP3364316A1 (en) 2018-08-22 application
EP2885732B1 (en) 2018-04-04 grant
EP2885732A4 (en) 2016-03-09 application
US9544134B2 (en) 2017-01-10 grant
EP2885732A1 (en) 2015-06-24 application

Similar Documents

Publication Publication Date Title
US7353532B2 (en) Secure system and method for enforcement of privacy policy and protection of confidentiality
US7841523B2 (en) Secure payment card transactions
US7891563B2 (en) Secure payment card transactions
US8904181B1 (en) System and method for secure three-party communications
US20060123465A1 (en) Method and system of authentication on an open network
US9280765B2 (en) Multiple tokenization for authentication
US20130208893A1 (en) Sharing secure data
US20150046339A1 (en) Methods and systems for provisioning mobile devices with payment credentials
US20070093234A1 (en) Identify theft protection and notification system
US20020083008A1 (en) Method and system for identity verification for e-transactions
US20050036611A1 (en) Method and system for secure authentication
US20130212704A1 (en) Secure digital storage
US20150312041A1 (en) Authentication in ubiquitous environment
US20050193198A1 (en) System, method and apparatus for electronic authentication
US20120066757A1 (en) Accessing data based on authenticated user, provider and system
US20120078798A1 (en) Systems and methods for transmitting financial account information
US6915430B2 (en) Reliably identifying information of device generating digital signatures
US20040153650A1 (en) System and method for storing and accessing secure data
US20040193553A1 (en) Process for securing digital transactions
US8555079B2 (en) Token management
US20080208697A1 (en) Secure system and method for payment card and data storage and processing via information splitting
US8656180B2 (en) Token activation
US20130226813A1 (en) Cyberspace Identification Trust Authority (CITA) System and Method
US20060122931A1 (en) Method and device for generating a single-use financial account number
US20100318468A1 (en) Tamper-Resistant Secure Methods, Systems and Apparatuses for Credit and Debit Transactions

Legal Events

Date Code Title Description
C06 Publication
EXSB Decision made by SIPO to initiate substantive examination